Filtered by vendor Motorola
Subscribe
Total
80 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9121 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field. | |||||
| CVE-2019-9120 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field. | |||||
| CVE-2019-9119 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field. | |||||
| CVE-2019-9118 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shell metacharacters in the system_time_timezone field. | |||||
| CVE-2019-9117 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field. | |||||
| CVE-2018-20399 | 1 Motorola | 6 Sbg901, Sbg901 Firmware, Sbg941 and 3 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-12499 | 1 Motorola | 2 Mbp853, Mbp853 Firmware | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. | |||||
| CVE-2017-9498 | 2 Comcast, Motorola | 4 Xfinity Xr11-20, Xfinity Xr11-20 Firmware, Mx011anm and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware. | |||||
| CVE-2017-9497 | 2 Cisco, Motorola | 2 Mx011anm Firmware, Mx011anm | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route. | |||||
| CVE-2017-9496 | 2 Cisco, Motorola | 2 Mx011anm Firmware, Mx011anm | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to access an SNMP server by connecting a cable to the Ethernet port, and then establishing communication with the device's link-local IPv6 address. | |||||
| CVE-2017-9495 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web Inspector script. | |||||
| CVE-2017-9494 | 1 Motorola | 2 Mx011anm, Mx011anm Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet. | |||||
| CVE-2017-9493 | 2 Cisco, Motorola | 2 Mx011anm Firmware, Mx011anm | 2024-11-21 | 5.8 MEDIUM | 6.3 MEDIUM |
| The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code. | |||||
| CVE-2015-7936 | 1 Motorola | 1 Moscad Ip Gateway Firmware | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. | |||||
| CVE-2015-7935 | 1 Motorola | 1 Moscad Ip Gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-1496 | 1 Motorola | 1 Motorola Scanner Sdk | 2024-11-21 | 7.2 HIGH | N/A |
| Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-1495 | 1 Motorola | 1 Motorola Scanner Sdk | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | |||||
| CVE-2014-0997 | 4 Google, Lg, Motorola and 1 more | 6 Android, Nexus 4, Nexus 5 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | |||||
| CVE-2013-5933 | 2 Google, Motorola | 2 Android, Defy Xt | 2024-11-21 | 6.9 MEDIUM | N/A |
| Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket. | |||||
| CVE-2013-4777 | 2 Google, Motorola | 2 Android, Defy Xt | 2024-11-21 | 6.9 MEDIUM | N/A |
| A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. | |||||